There are many reasons why organisations might consider ISO27001. Organisations are under increasing pressure to demonstrate effective Information Assurance (IA) from regulators, employees, customers, legislative and enforcement bodies, business partners and prospective customers (in the form of tender requirements). Increasingly, the business that cannot easily demonstrate effective IA is the business that will be excluded from tenders, attract the interest of the regulator and, in general, find itself under ever-increasing scrutiny.
In the search for effective and demonstrable IA, ISO/IEC 27001:2005 and the supporting family of standards have become the common point of reference across industries and across international boundaries. The CNS ISO27001 strategy offering will explain the workings of the standard, assess the correct context for the standard in your organisation, brief senior stakeholders and outline the effort and overview roadmap to the implementation of an effective Information Security Management System (ISMS) in your organisation. The strategy phase will also assess whether formal accreditation is the goal or whether simply implementing the ISMS is the desired outcome.
Following on from the strategy phase, it is important that a clear scope is defined for your ISMS in order to ensure a successful and effective implementation project, whether accreditation is sought or not. CNS’s consultants will aid you in defining a scope that is sensible, internally consistent and achievable.
The aim of the gap analysis stage is to review the current state of the in-scope areas of the business against the controls and requirements of ISO27001, highlighting the areas that currently meet the requirements and the areas where they currently fall short. This is a key phase, as it will allow both CNS and you to identify where resources will need to be assigned during the project. The output from this stage is a report that details the findings of the gap analysis and prepares the initial Statement of Applicability (SoA).
These findings will be broken down against each of the requirements stated within ISO27001 and a remediation activity will be suggested for each area.
For an organisation implementing its first ISO27001 ISMS there are likely to be a number of actions required to achieve the desired outcome, particularly in the governance arena. CNS is happy to play any role in the remediation phase, from ad-hoc consultancy to planning and ownership of all remediation actions, and any point in between. At all times, CNS is focused on ensuring the implementation of an ISMS that can be maintained over time and provide effective IA for the client.
ISO27001 Pre-Assessment Review
To reduce the risk of failure and the time and cost of re-audit, your company may benefit from using our 'Pre-Audit Assessment Service'. This entails a visit prior to Certification Audit which will highlight any areas for improvement and give you a report explaining what you need to do to attain and even exceed the degree of compliance required to pass your Certification Audit.
Our ISO27001 training is built upon our extensive practical experience of delivering a multitude of ISO27001-related projects across a wide range of sectors and business sizes. Our experience of designing and implementing an effective information security management system (ISMS) in the 'real world' is the foundation of the quality education we deliver to our delegates from both private and public sector organisations. As with our consultancy, while our training is thorough and attentive to detail, it has pragmatism at its heart.